Exploitdb Exploits

31,344 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106491 EXPLOITDB text
DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
CVE-2011-5025 EXPLOITDB text
Yaws - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
by Michael Brooks
EIP-2026-102135 EXPLOITDB text
ZO Tech Multiple Print Servers - Cross-Site Scripting
by b0telh0
EIP-2026-102065 EXPLOITDB text
TP-Link TL-PS110U / TL-PS110P - Cross-Site Scripting
by b0telh0
EIP-2026-101923 EXPLOITDB text
Planex Mini-300PU & Mini100s - Cross-Site Scripting
by b0telh0
EIP-2026-101921 EXPLOITDB text
Planet FPS-1101 - Cross-Site Scripting
by b0telh0
EIP-2026-101838 EXPLOITDB text
Longshine Multiple Print Servers - Cross-Site Scripting
by b0telh0
EIP-2026-101714 EXPLOITDB text
Encore ENPS-2012 - Cross-Site Scripting
by b0telh0
CVE-2011-10028 EXPLOITDB HIGH text VERIFIED
RealArcade 2.6.0.445 ActiveX - Exec Method Command Execution
The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.
by rgod
EIP-2026-119083 EXPLOITDB text VERIFIED
RealNetworks RealGames StubbyUtil.ShellCtl.1 - ActiveX Control Multiple Remote Command Executions
by rgod
EIP-2026-119081 EXPLOITDB text VERIFIED
RealNetworks GameHouse 'InstallerDlg.dll' 2.6.0.445 ActiveX Control - Multiple Vulnerabilities
by rgod
EIP-2026-113967 EXPLOITDB text VERIFIED
WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting
by John Leitch
EIP-2026-111679 EXPLOITDB text
Rash CMS - SQL Injection
by keracker
EIP-2026-110263 EXPLOITDB text
OpenCart 1.4.9 - Multiple Local File Inclusions
by KedAns-Dz
EIP-2026-106490 EXPLOITDB text VERIFIED
DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities
by LiquidWorm
EIP-2026-105389 EXPLOITDB text VERIFIED
Banner Ad Management Script - SQL Injection
by Egyptian.H4x0rz
EIP-2026-104984 EXPLOITDB text
Advanced Image Hosting 2.2 - 'index.php' SQL Injection
by keracker
EIP-2026-112386 EXPLOITDB text
spidaNews 1.0 - 'news.php?id' SQL Injection
by Easy Laster
EIP-2026-107781 EXPLOITDB text
ilchClan 1.0.5 - 'regist.php' SQL Injection
by Easy Laster
CVE-2011-1667 EXPLOITDB text VERIFIED
Anzeigenmarkt 2011 - SQL Injection
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.
by Easy Laster
CVE-2011-1670 EXPLOITDB text VERIFIED
InTerra Blog Machine <1.84 - XSS
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
by High-Tech Bridge SA
EIP-2026-107072 EXPLOITDB text VERIFIED
Feng Office 1.7.3.3 - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2011-1668 EXPLOITDB text VERIFIED
AR Web Content Manager <2.3 - XSS
Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Antu Sanadi
CVE-2011-1665 EXPLOITDB text
PHPBoost 3.0 - Info Disclosure
PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/.
by KedAns-Dz
CVE-2011-1670 EXPLOITDB text VERIFIED
InTerra Blog Machine <1.84 - XSS
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
by High-Tech Bridge SA
By Source
All 31,344 Writeup 60,344 Exploitdb 50,009 Nomisec 21,883 Metasploit 3,225 Github 2,709 Vulncheck_xdb 906 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,344 python 6,029 ruby 5,914 c 3,575 perl 2,849 html 2,053 php 1,326 bash 460 java 364 c++ 251 javascript 220 shell 95 go 61 postscript 25 xml 24